Bitdefender Hypervisor Memory Introspection
|
#include <codeblocks.h>
Data Fields | |
DWORD | OffsetStart |
The start of the extracted codeblock (not actually relevant) More... | |
DWORD | Hash |
The hash will be computed on Chunks array. More... | |
WORD | Size |
Code block size, in patterns. More... | |
BYTE | PivotInstruction |
BYTE | Chunks [CODE_BLOCK_CHUNKS_COUNT] |
The actual CODE_INS values representing the instruction pattern. More... | |
Describes a single normalized code block. This is just a "passing" structure. From this it will be built a CODE_SIGNATURE structure that will be matched against the databases (or inserted into one). Each codeblock is a series of patterns that will be computed into a hash. A signature will consist of a few hashes like this.
Definition at line 51 of file codeblocks.h.
BYTE _CODE_BLOCK::Chunks[CODE_BLOCK_CHUNKS_COUNT] |
The actual CODE_INS values representing the instruction pattern.
Definition at line 58 of file codeblocks.h.
Referenced by IntAlertFillCodeBlocks(), IntFragDumpBlocks(), and IntSerializeExtractCodeBlocks().
DWORD _CODE_BLOCK::Hash |
The hash will be computed on Chunks array.
Definition at line 54 of file codeblocks.h.
DWORD _CODE_BLOCK::OffsetStart |
The start of the extracted codeblock (not actually relevant)
Definition at line 53 of file codeblocks.h.
Referenced by IntAlertFillCodeBlocks(), IntFragDumpBlocks(), IntSerializeCodeBlocksPattern(), and IntSerializeExtractCodeBlocks().
BYTE _CODE_BLOCK::PivotInstruction |
This indicates the first instruction type inside the code block.
Definition at line 56 of file codeblocks.h.
Referenced by IntAlertFillCodeBlocks(), IntFragDumpBlocks(), and IntSerializeExtractCodeBlocks().
WORD _CODE_BLOCK::Size |
Code block size, in patterns.
Definition at line 55 of file codeblocks.h.
Referenced by IntAlertFillCodeBlocks(), IntFragDumpBlocks(), and IntSerializeExtractCodeBlocks().